Re: [PATCH v3 2/6] userfaultfd: add /dev/userfaultfd for fine grained access control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Axel Rasmussen <axelrasmussen@xxxxxxxxxx> writes:

> I think for any approach involving syscalls, we need to be able to
> control access to who can call a syscall. Maybe there's another way
> I'm not aware of, but I think today the only mechanism to do this is
> capabilities. I proposed adding a CAP_USERFAULTFD for this purpose,
> but that approach was rejected [1]. So, I'm not sure of another way
> besides using a device node.

I take it there's a reason why this can't be done with a security module
- either a custom module or a policy in one of the existing modules?
That sort of access control is just what security modules are supposed
to be for, after all.

Thanks,

jon



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux